From 91ddd6bd5ee6a219178e1e0dfcd02613cb9575e6 Mon Sep 17 00:00:00 2001
From: Eduardo Vozniak
Date: Mon, 2 Oct 2023 19:50:48 -0300
Subject: [PATCH] Fixing introspect
---
 providers/oidc.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/providers/oidc.go b/providers/oidc.go
index cb6269312a..de7b827754 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -84,12 +84,9 @@ func (p *OIDCProvider) Redeem(ctx context.Context, redirectURL, code, codeVerifi
 // EnrichSession is called after Redeem to allow providers to enrich session fields
 // such as User, Email, Groups with provider specific API calls.
 func (p *OIDCProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
- // ToDo: Vozniak - is this going to break something? tests are fine.
- if p != nil && p.IntrospectURL != nil && p.IntrospectURL.String() != "" {
- err := p.enrichFromIntrospectURL(ctx, s)
- if err != nil {
- logger.Errorf("Warning: Introspect URL request failed: %v", err)
- }
+ err := p.enrichFromIntrospectURL(ctx, s)
+ if err != nil {
+ logger.Errorf("Warning: Introspect URL request failed: %v", err)
 }

 // If a mandatory email wasn't set, error at this point.
@@ -130,7 +127,14 @@ func (p *OIDCProvider) enrichFromIntrospectURL(ctx context.Context, s *sessions.
 params.Add("token", s.AccessToken)
 basicAuth := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", p.ClientID, clientSecret)))
 logger.Printf("Requesting introspect")
- result := requests.New( /* p.IntrospectURL.String() */ "https://iam-client-test.us-east.philips-healthsuite.com/authorize/oauth2/introspect").
+ if p.IntrospectURL == nil {
+ p.IntrospectURL = &url.URL{
+ Scheme: p.RedeemURL.Scheme,
+ Host: p.RedeemURL.Host,
+ Path: "/authorize/oauth2/introspect",
+ }
+ }
+ result := requests.New(p.IntrospectURL.String()).
 WithContext(ctx).
 WithMethod("POST").
 WithBody(bytes.NewBufferString(params.Encode())).
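Review bot: In EnrichSession the introspection call is now unconditional, but a failure is still only logged, so the session carries on exactly as if introspection had never been attempted. If the introspection result is meant to gate access (what enrichFromIntrospectURL does with the response is outside this hunk), the error should be returned instead, e.g. `return fmt.Errorf("introspecting access token: %w", err)`. If it is best-effort enrichment, keep an opt-in check so providers that never configured an introspection endpoint are not contacted at all. The message also mixes levels, `logger.Errorf("Warning: ...")`, which makes alerting on it harder. The rest of EnrichSession continues past the end of the hunk.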
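Review bot: The nil fallback in enrichFromIntrospectURL posts the user's access token and the Basic `client_id:client_secret` header to a guessed path on the redeem host, `/authorize/oauth2/introspect`, which looks specific to one identity provider. For any other OIDC issuer the credentials would go to an endpoint nobody configured, over whatever scheme RedeemURL happens to use. The fallback also dereferences `p.RedeemURL` without a nil check, and it writes `p.IntrospectURL` on the provider from the request path, which would be a data race if the provider is shared across concurrent logins, as it presumably is. I would keep the URL configuration-driven (or take it from the discovery document's `introspection_endpoint`) and return early when it is unset: `if p.IntrospectURL == nil || p.IntrospectURL.String() == "" { return nil }`. The function starts before and continues after this hunk.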